Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS

IBM SECURITY ADVISORY First Issued: Thu Apr 2 15:29:58 CDT 2026 The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/postgresadvisory.asc Security Bulletin: Multiple vulnerabilities in PostgreSQL affect PowerVM VIOS...

The State of Trusted Open Source Report

In December 2025, we shared the first-ever The State of Trusted Open Source report, featuring insights from our product data and customer base on open source consumption across our catalog of container image projects, versions, images, language libraries, and builds. These insights shed light on...

Security update for postgresql16 (important)

openSUSE security update: security update for postgresql16 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20447-1 Rating: important References: bsc1258008 bsc1258009 bsc1258010 bsc1258011 bsc1258754 Cross-References: CVE-2026-2003 CVE-2026-2004...

Security update for postgresql13 (important)

openSUSE security update: security update for postgresql13 ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20449-1 Rating: important References: bsc1253332 bsc1253333 Cross-References: CVE-2025-12817 CVE-2025-12818 CVSS scores: CVE-2025-12817 SUSE :...

CVE-2026-34455

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

CVE-2026-34455 Hi.Events: SQL Injection via Unvalidated sort_by Query Parameter in Multiple Repository Classes

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

CVE-2026-34455

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

EUVD-2026-18007

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

CVE-2026-34455 Hi.Events: SQL Injection via Unvalidated sort_by Query Parameter in Multiple Repository Classes

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sortby query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application us...

CVE-2026-34455

Hi.Events is affected by an SQL injection in which multiple repository classes pass the user-supplied sort_by parameter directly to Eloquent's orderBy() without validation (affecting versions 0.8.0-beta.1 up to before 1.7.1-beta). The underlying issue is the lack of input validation for sort_by, ...

CLEANSTART-2026-EQ51133 Security fixes for CVE-2023-5870, CVE-2024-7348, CVE-2025-8713, CVE-2025-8714, CVE-2025-8715 applied in versions: 16.1-r0, 16.2-r0, 16.4-r0, 17.6-r0

Multiple security vulnerabilities affect the postgresql package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-JA70776 Security fixes for CVE-2023-5870, CVE-2024-7348, CVE-2025-8713, CVE-2025-8714, CVE-2025-8715 applied in versions: 16.1-r0, 16.2-r0, 16.4-r0, 17.6-r0

Multiple security vulnerabilities affect the postgresql package. These issues are resolved in later releases. See references for individual vulnerability details...

CLEANSTART-2026-GI40937 Security fixes for CVE-2023-5870, CVE-2024-7348, CVE-2025-8713, CVE-2025-8714, CVE-2025-8715 applied in versions: 16.1-r0, 16.2-r0, 16.4-r0, 17.6-r0

Multiple security vulnerabilities affect the postgresql package. These issues are resolved in later releases. See references for individual vulnerability details...

CLSA-2026-1775033648 postgresql-jdbc: Fix of CVE-2022-21724

CVE-2022-21724: ensure arbitrary classes can't be passed instead of SocketFactory, SSLSocketFactory, CallbackHandler, HostnameVerifier - Restore testing from previous spec versions, exclude broken tests...

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data due to vulnerable PostgreSQL JDBC connection parameters not being blocked by default. An attacker can exploit this vulnerability by injecting dangerous JDBC parameters such as socketFactory, sslfactory,...

PT-2026-29592

Hi.Events is an open-source event management and ticket selling platform. From version 0.8.0-beta.1 to before version 1.7.1-beta, multiple repository classes pass the user-supplied sort by query parameter directly to Eloquent's orderBy without validation, enabling SQL injection. The application...

EUVD-2026-17664

Alerta is a monitoring tool. Prior to version 9.1.0, the Query string search API q= was vulnerable to SQL injection via the Postgres query parser, which built WHERE clauses by interpolating user-supplied search terms directly into SQL strings via f-strings. This issue has been patched in version...

CVE-2026-29953

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

EUVD-2026-17131

SQL Injection vulnerability in SchemaHero 0.23.0 via the column parameter to the columnAsInsert function in file plugins/postgres/lib/column.go...

SQL Injection

Overview Affected versions of this package are vulnerable to SQL Injection through the column.go processing in the PostgreSQL and MySQL table schema components. An attacker can tamper with the database table structure and potentially leak data by creating a malicious Table CRD with crafted column...